PT-2006-1507 · Text Rider · Text Rider

Aliaksandr Hartsuyeu

Published

2006-01-26

Updated

2018-10-19

CVE-2006-0440

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Text Rider version 2.4

Description The issue allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password, then including the hash in a cookie.

Recommendations For Text Rider version 2.4, consider disabling the authentication bypass functionality until a patch is available. Restrict access to file upload features to minimize the risk of exploitation. Avoid using the MD5 hash of the password in cookies until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0440

Affected Products

Text Rider

PT-2006-1507 · Text Rider · Text Rider

CVE-2006-0440

Related Identifiers

Affected Products

References · 4